CRYPTOCURRENCY JACKING —

Tesla cloud resources are hacked to run cryptocurrency-mining malware

Crooks find poorly secured access credentials, use them to install stealth miner. 

DAN GOODIN - 2/21/2018, 3:21 AM 



Add Tesla to the legion of organizations that have been infected by cryptocurrency-mining malware.

In a report published Tuesday, researchers at security firm RedLock said hackers accessed one of Tesla's Amazon cloud accounts and used it to run 
currency-mining software. The researchers said the breach in many ways resembled compromises suffered by Gemalto, the world's biggest SIM card 
maker, and multinational insurance company Aviva. In October, RedLock said Amazon and Microsoft cloud accounts for both companies were 
breached to run currency-mining malware after hackers found access credentials that weren't properly secured. 

The initial point of entry for the Tesla cloud breach, Tuesday's report said, was an unsecured administrative console for Kubernetes, an open source 
package used by companies to deploy and manage large numbers of cloud-based applications and resources. 

"The hackers had infiltrated Tesla's Kubernetes console which was not password protected," RedLock researchers wrote. "Within one Kubernetes pod,
access credentials were exposed to Tesla's AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had 
sensitive data such as telemetry." 

Well concealed 

The attackers hid the malware behind an IP address hosted by security firm Cloudflare. They also configured the mining software to use a non-standard
port to reach the Internet and to connect to an unlisted or semi-public endpoint rather than well-known mining pools. The attackers also
likely ratcheted down the amount of CPU resources used to mine the digital coin. The measures helped to make the illicit mining harder to detect and 
lower the chances of it being shut down. 

Besides allowing attackers to run the mining malware, RedLock said the breach also exposed certain non-public Tesla data, including sensitive 
telemetry information related to Tesla cars. RedLock said it reported the breach to Tesla, and the systems were quickly disinfected. 

In an email, a Tesla representative wrote: "We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability 
within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no 
indication that customer privacy or vehicle safety or security was compromised in any way." 

The breach involving Tesla is only the latest example of companies that should know better failing
to properly secure their cloud accounts. Besides the Amazon and Microsoft Azure breaches of Gemalto 
and Aviva accounts, researchers recently found a mountain of sensitive Federal Express customer data 
exposed on a publicly accessible Amazon storage site, where it had remained available to anyone, 
possibly for years. Researchers are also reporting that cryptocurrency malware is rendering some 
companies unable to operate. 


DAN GOODIN 

Dan is the Security Editor at Ars Technica, which he joined in 2012 after working for The Register, the Associated Press, Bloomberg News, and other publications. 
EMAIL dan.goodin@arstechnica.com // TWITTER @dangoodin001 



https://arstechnica.com/information-technology/2018/02/tesla-cloud-resources-are-hacked-to-run-cryptocurrency-mining-malware/ 

